ci: Apply PostgreSQL performance optimizations to GitHub Actions #24644
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI | |
| on: | |
| push: | |
| branches: | |
| - main | |
| - master | |
| - pg-perf | |
| pull_request: | |
| permissions: {} | |
| concurrency: | |
| group: ci-${{ github.head_ref || github.ref }} | |
| cancel-in-progress: true | |
| env: | |
| CARGO_TERM_COLOR: always | |
| # renovate: datasource=crate depName=cargo-deny versioning=semver | |
| CARGO_DENY_VERSION: 0.18.3 | |
| # renovate: datasource=crate depName=cargo-machete versioning=semver | |
| CARGO_MACHETE_VERSION: 0.8.0 | |
| # renovate: datasource=npm depName=pnpm | |
| PNPM_VERSION: 10.12.3 | |
| # renovate: datasource=docker depName=postgres | |
| POSTGRES_VERSION: 16 | |
| # renovate: datasource=pypi depName=zizmor | |
| ZIZMOR_VERSION: 1.10.0 | |
| jobs: | |
| changed-files: | |
| name: Changed Files | |
| runs-on: ubuntu-24.04 | |
| steps: | |
| - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
| with: | |
| persist-credentials: false | |
| # This is needed to get the commit history for the changed-files action | |
| # (see https://github.com/tj-actions/changed-files/blob/v46.0.5/README.md#usage-) | |
| fetch-depth: 0 | |
| - uses: tj-actions/changed-files@6cb76d07bee4c9772c6882c06c37837bf82a04d3 # v46.0.4 | |
| id: changed-files-non-js | |
| with: | |
| files_ignore: | | |
| app/** | |
| e2e/** | |
| packages/** | |
| public/** | |
| tests/** | |
| eslint.config.mjs | |
| .template-lintrc.js | |
| ember-cli-build.js | |
| package.json | |
| pnpm-lock.yaml | |
| testem.js | |
| - uses: tj-actions/changed-files@6cb76d07bee4c9772c6882c06c37837bf82a04d3 # v46.0.4 | |
| id: changed-files-non-rust | |
| with: | |
| files_ignore: | | |
| crates/** | |
| migrations/** | |
| src/** | |
| build.rs | |
| Cargo.lock | |
| Cargo.toml | |
| rust-toolchain.toml | |
| - uses: tj-actions/changed-files@6cb76d07bee4c9772c6882c06c37837bf82a04d3 # v46.0.4 | |
| id: changed-files-rust-lockfile | |
| with: | |
| files: Cargo.lock | |
| - uses: tj-actions/changed-files@6cb76d07bee4c9772c6882c06c37837bf82a04d3 # v46.0.4 | |
| id: changed-files-ci | |
| with: | |
| files: .github/workflows/** | |
| outputs: | |
| non-js: ${{ steps.changed-files-non-js.outputs.any_modified }} | |
| non-rust: ${{ steps.changed-files-non-rust.outputs.any_modified }} | |
| rust-lockfile: ${{ steps.changed-files-rust-lockfile.outputs.any_modified }} | |
| ci: ${{ steps.changed-files-ci.outputs.any_modified }} | |
| percy-nonce: | |
| name: Frontend / Percy Nonce | |
| runs-on: ubuntu-latest | |
| needs: changed-files | |
| if: needs.changed-files.outputs.non-rust == 'true' | |
| # persist job results to other jobs in the workflow | |
| outputs: | |
| nonce: ${{ steps.percy-nonce.outputs.nonce }} | |
| steps: | |
| # persist step results to other steps in the job | |
| - id: percy-nonce | |
| # adding a timestamp makes the nonce more unique for re-runs | |
| run: echo "nonce=${{ github.run_id }}-$(date +%s)" >> $GITHUB_OUTPUT | |
| backend-lint: | |
| name: Backend / Lint | |
| runs-on: ubuntu-24.04 | |
| needs: changed-files | |
| if: needs.changed-files.outputs.non-js == 'true' | |
| env: | |
| RUSTFLAGS: "-D warnings" | |
| RUSTDOCFLAGS: "-D warnings" | |
| steps: | |
| - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
| with: | |
| persist-credentials: false | |
| - run: rustup component add rustfmt | |
| - run: rustup component add clippy | |
| - uses: Swatinem/rust-cache@98c8021b550208e191a6a3145459bfc9fb29c4c0 # v2.8.0 | |
| with: | |
| save-if: ${{ github.ref == 'refs/heads/main' }} | |
| - run: cargo fmt --check --all | |
| - run: cargo clippy --all-targets --all-features --workspace | |
| - run: cargo doc --no-deps --document-private-items | |
| backend-deps: | |
| name: Backend / dependencies | |
| runs-on: ubuntu-24.04 | |
| needs: changed-files | |
| if: github.event_name != 'pull_request' || needs.changed-files.outputs.rust-lockfile == 'true' | |
| steps: | |
| - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
| with: | |
| persist-credentials: false | |
| - uses: Swatinem/rust-cache@98c8021b550208e191a6a3145459bfc9fb29c4c0 # v2.8.0 | |
| with: | |
| save-if: ${{ github.ref == 'refs/heads/main' }} | |
| - run: cargo install cargo-deny --vers ${CARGO_DENY_VERSION} | |
| - run: cargo deny check | |
| - run: cargo install cargo-machete --vers ${CARGO_MACHETE_VERSION} | |
| - run: cargo machete | |
| backend-test: | |
| name: Backend / Test | |
| runs-on: ubuntu-24.04 | |
| needs: changed-files | |
| if: needs.changed-files.outputs.non-js == 'true' | |
| env: | |
| RUST_BACKTRACE: 1 | |
| TEST_DATABASE_URL: postgres://postgres:postgres@localhost/postgres | |
| RUSTFLAGS: "-D warnings -Cinstrument-coverage" | |
| MALLOC_CONF: "background_thread:true,abort_conf:true,abort:true,junk:true" | |
| steps: | |
| - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
| with: | |
| persist-credentials: false | |
| # Remove the Android SDK to free up space | |
| - run: sudo rm -rf /usr/local/lib/android | |
| - uses: Swatinem/rust-cache@98c8021b550208e191a6a3145459bfc9fb29c4c0 # v2.8.0 | |
| with: | |
| save-if: ${{ github.ref == 'refs/heads/main' }} | |
| # Update `pg_dump` to the same version as the running PostgreSQL server | |
| - run: sudo /usr/share/postgresql-common/pgdg/apt.postgresql.org.sh -v ${POSTGRES_VERSION} -i -p | |
| - run: sudo systemctl start postgresql.service | |
| - run: sudo -u postgres psql -c "ALTER USER postgres WITH PASSWORD 'postgres'" | |
| # Apply PostgreSQL performance optimizations for test speed | |
| # WARNING: These settings sacrifice data durability for speed - test environments only! | |
| - run: | | |
| PGPASSWORD=postgres psql -h localhost -U postgres -d postgres -c "ALTER SYSTEM SET fsync = off;" | |
| PGPASSWORD=postgres psql -h localhost -U postgres -d postgres -c "ALTER SYSTEM SET wal_level = minimal;" | |
| PGPASSWORD=postgres psql -h localhost -U postgres -d postgres -c "ALTER SYSTEM SET full_page_writes = off;" | |
| PGPASSWORD=postgres psql -h localhost -U postgres -d postgres -c "ALTER SYSTEM SET checkpoint_timeout = '10min';" | |
| PGPASSWORD=postgres psql -h localhost -U postgres -d postgres -c "ALTER SYSTEM SET shared_buffers = '256MB';" | |
| PGPASSWORD=postgres psql -h localhost -U postgres -d postgres -c "ALTER SYSTEM SET synchronous_commit = off;" | |
| PGPASSWORD=postgres psql -h localhost -U postgres -d postgres -c "ALTER SYSTEM SET max_wal_senders = 0;" | |
| PGPASSWORD=postgres psql -h localhost -U postgres -d postgres -c "SELECT pg_reload_conf();" | |
| - run: cargo build --tests --workspace | |
| - run: cargo test --workspace | |
| frontend-lint: | |
| name: Frontend / Lint | |
| runs-on: ubuntu-24.04 | |
| needs: changed-files | |
| if: needs.changed-files.outputs.non-rust == 'true' | |
| steps: | |
| - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
| with: | |
| persist-credentials: false | |
| - uses: pnpm/action-setup@a7487c7e89a18df4991f7f222e4898a00d66ddda # v4.1.0 | |
| with: | |
| version: ${{ env.PNPM_VERSION }} | |
| - uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0 | |
| with: | |
| cache: pnpm | |
| node-version-file: package.json | |
| - run: pnpm install | |
| - run: pnpm lint:hbs | |
| - run: pnpm lint:js | |
| - run: pnpm lint:deps | |
| - run: pnpm prettier:check | |
| frontend-test: | |
| name: Frontend / Test | |
| runs-on: ubuntu-24.04 | |
| needs: [changed-files, percy-nonce] | |
| if: needs.changed-files.outputs.non-rust == 'true' | |
| env: | |
| JOBS: 1 # See https://git.io/vdao3 for details. | |
| # Percy secrets are included here to enable Percy's GitHub integration | |
| # on community-submitted PRs | |
| PERCY_TOKEN: web_0a783d8086b6f996809f3e751d032dd6d156782082bcd1423b9b860113c75054 | |
| PERCY_PARALLEL_NONCE: ${{ needs.percy-nonce.outputs.nonce }} | |
| PERCY_PARALLEL_TOTAL: 2 | |
| steps: | |
| - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
| with: | |
| persist-credentials: false | |
| - uses: pnpm/action-setup@a7487c7e89a18df4991f7f222e4898a00d66ddda # v4.1.0 | |
| with: | |
| version: ${{ env.PNPM_VERSION }} | |
| - uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0 | |
| with: | |
| cache: pnpm | |
| node-version-file: package.json | |
| - run: pnpm install | |
| - if: github.repository == 'rust-lang/crates.io' | |
| run: pnpm percy exec --parallel -- pnpm test-coverage | |
| - if: github.repository != 'rust-lang/crates.io' | |
| run: pnpm test-coverage | |
| msw-test: | |
| name: Frontend / Test (@crates-io/msw) | |
| runs-on: ubuntu-24.04 | |
| needs: [changed-files] | |
| if: needs.changed-files.outputs.non-rust == 'true' | |
| steps: | |
| - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
| with: | |
| persist-credentials: false | |
| - uses: pnpm/action-setup@a7487c7e89a18df4991f7f222e4898a00d66ddda # v4.1.0 | |
| with: | |
| version: ${{ env.PNPM_VERSION }} | |
| - uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0 | |
| with: | |
| cache: pnpm | |
| node-version-file: package.json | |
| - run: pnpm install | |
| - run: pnpm --filter "@crates-io/msw" test | |
| e2e-test: | |
| name: Frontend / Test (playwright) | |
| runs-on: ubuntu-24.04 | |
| needs: [changed-files, percy-nonce] | |
| timeout-minutes: 60 | |
| if: needs.changed-files.outputs.non-rust == 'true' | |
| env: | |
| JOBS: 1 # See https://git.io/vdao3 for details. | |
| # Percy secrets are included here to enable Percy's GitHub integration | |
| # on community-submitted PRs | |
| PERCY_TOKEN: web_0a783d8086b6f996809f3e751d032dd6d156782082bcd1423b9b860113c75054 | |
| PERCY_PARALLEL_NONCE: ${{ needs.percy-nonce.outputs.nonce }} | |
| PERCY_PARALLEL_TOTAL: 2 | |
| steps: | |
| - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
| with: | |
| persist-credentials: false | |
| - uses: pnpm/action-setup@a7487c7e89a18df4991f7f222e4898a00d66ddda # v4.1.0 | |
| with: | |
| version: ${{ env.PNPM_VERSION }} | |
| - uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0 | |
| with: | |
| cache: pnpm | |
| node-version-file: package.json | |
| - run: pnpm install | |
| - run: pnpm playwright install chromium | |
| - if: github.repository == 'rust-lang/crates.io' | |
| run: pnpm percy exec --parallel -- pnpm e2e | |
| - uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4 | |
| if: ${{ !cancelled() }} | |
| with: | |
| name: playwright-report | |
| path: playwright-report/ | |
| retention-days: 14 | |
| zizmor: | |
| name: CI / Lint | |
| runs-on: ubuntu-24.04 | |
| needs: changed-files | |
| if: needs.changed-files.outputs.ci == 'true' | |
| permissions: | |
| security-events: write | |
| steps: | |
| - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
| with: | |
| persist-credentials: false | |
| - uses: astral-sh/setup-uv@bd01e18f51369d5a26f1651c3cb451d3417e3bba # v6.3.1 | |
| - run: uvx zizmor@${ZIZMOR_VERSION} --format=sarif . > results.sarif | |
| env: | |
| GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| - uses: github/codeql-action/upload-sarif@ce28f5bb42b7a9f2c824e633a3f6ee835bab6858 # v3.29.0 | |
| with: | |
| sarif_file: results.sarif | |
| category: zizmor |